DETECTION OF UNAUTHORIZED WIRELESS PERSONAL AREA NETWORK LOW ENERGY DEVICES

US 20170048679A1
Filed: 08/11/2015
Published: 02/16/2017
Est. Priority Date: 08/11/2015
Status: Active Grant

First Claim

Patent Images

1. A method for determining an unauthorized device, the method comprising:

receiving, by one of more computer processors, detection information from a computing device, wherein the detection information includes;

a broadcast transmission from one or more devices with an associated universally unique identifier, major ID, minor ID, and received signal strength within an indoor positioning system;

creating, by one or more computer processors, a state trajectory map based on the received detection information, wherein the state trajectory map identifies connections between at least the computing device and a first device of the one or more devices and the computing device and a second device of the one or more devices;

determining, by one or more computer processors, one or more anomalies within the created state trajectory map;

determining, by one or more computer processors, an unauthorized device based on the determined one or more anomalies;

analyzing, by one or more computer processors, a suspicious state list for one or more of the following;

high frequency of occurrence of a universally unique identifier, and multiple connections with multiple state changes associated with a universally unique identifier;

determining, by one or more computer processor, the unauthorized device based on the analyzed suspicious state list; and

reporting, by one or more computer processors, the determined unauthorized device

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an approach for determining an unauthorized device, a computer receives detection information from a computing device, wherein the detection information includes a broadcast transmission from one or more devices. The computer creates a state trajectory map based on the received detection information, wherein the state trajectory map identifies connections between at least the computing device and a first device of the one or more devices and the computing device and a second device of the one or more devices. The computer one or more anomalies within the created state trajectory map. The computer determines an unauthorized device based on the determined one or more anomalies.

19 Citations

View as Search Results

20 Claims

1. A method for determining an unauthorized device, the method comprising:
- receiving, by one of more computer processors, detection information from a computing device, wherein the detection information includes;
  
  a broadcast transmission from one or more devices with an associated universally unique identifier, major ID, minor ID, and received signal strength within an indoor positioning system;
  
  creating, by one or more computer processors, a state trajectory map based on the received detection information, wherein the state trajectory map identifies connections between at least the computing device and a first device of the one or more devices and the computing device and a second device of the one or more devices;
  
  determining, by one or more computer processors, one or more anomalies within the created state trajectory map;
  
  determining, by one or more computer processors, an unauthorized device based on the determined one or more anomalies;
  
  analyzing, by one or more computer processors, a suspicious state list for one or more of the following;
  
  high frequency of occurrence of a universally unique identifier, and multiple connections with multiple state changes associated with a universally unique identifier;
  
  determining, by one or more computer processor, the unauthorized device based on the analyzed suspicious state list; and
  
  reporting, by one or more computer processors, the determined unauthorized device
- View Dependent Claims (2, 3, 5, 6, 7)
- - 2. The method of claim 1, wherein determining one or more anomalies within the created state trajectory map further comprises:
    - retrieving, by one or more computer processors, a baseline state trajectory map from memory;
      
      performing, by one or more computer processors, a comparison of the created state trajectory map to the baseline state trajectory map;
      
      determining, by one or more computer processors, whether at least one state anomaly is present within the created state trajectory map based on the comparison, wherein a state anomaly is a connection included in the created state trajectory map that is not included in the baseline trajectory map, and wherein the at least one state anomaly includes one or more of;
      
      a single state anomaly and a multiple state anomaly;
      
      identifying, by one or more computer processors, a connection within the created state trajectory map associated with the determined at least one state anomaly; and
      
      adding, by one or more computer processors, the identified connection associated with the determined state anomaly to a suspicious state list.
  - 3. The method of claim 2, further comprising:
    - responsive to determining at least one state anomaly is present within the created state trajectory map based on the comparison, parsing, by one or more computer processors, the created state trajectory map into one or more sub-trajectories that identify individual connections within the created state trajectory map;
      
      identifying, by one or more computer processors, one or more sub-trajectories that do not include the at least one determined state anomaly;
      
      determining, by one or more computer processors, whether the one or more identified sub-trajectories that do not include the at least one determined state anomaly include a transitional anomaly, wherein determining the transitional anomaly includes one more of the following;
      
      identifying connections within the one or more maintained sub-trajectories that are not neighbors, determining a transition time within the one or more maintained sub-trajectories is not met, and determining one or more maintained sub-trajectories violates a business rule; and
      
      adding, by one or more computer processors, a sub-trajectory associated with the transitional anomaly to the suspicious state list.
  - 5. The method of claim 2:
    - wherein the baseline state trajectory map is based on a location of identified devices and a physical layout of a building within an indoor positioning system; and
      
      wherein the one or more or more devices are beacons that are elements of the indoor positioning system.
  - 6. The method of claim 3, wherein the one or more devices include neighbor relationships between the one or more devices that identify an area of a first device that is adjacent to an area of a second device, allowing movement between the area of the first device and the area of the second device without moving through an area covered by a third device prior to entering the area of the second device.
  - 7. The method of claim 3, wherein the transition time identifies a minimum amount of time for a user to move from a first device to a second device.

4. (canceled)

8. A computer program product for determining an unauthorized device, the computer program product comprising:
- one or more computer readable storage media and program instructions stored on the one or more computer readable storage media, the program instructions comprising;
  
  program instructions to receive detection information from a computing device, wherein the detection information includes;
  
  a broadcast transmission from one or more devices with an associated universally unique identifier, major ID, minor ID, and received signal strength within an indoor positioning system;
  
  program instructions to create a state trajectory map based on the received detection information, wherein the state trajectory map identifies connections between at least the computing device and a first device of the one or more devices and the computing device and a second device of the one or more devices;
  
  program instructions to determine one or more anomalies within the created state trajectory map;
  
  program instructions to determine an unauthorized device based on the determined one or more anomalies;
  
  program instructions to analyze a suspicious state list for one or more of the following;
  
  high frequency of occurrence of a universally unique identifier, and multiple connections with multiple state changes associated with a universally unique identifier;
  
  program instructions to determine the unauthorized device based on the analyzed suspicious state list; and
  
  program instructions to report the determined unauthorized device.
- View Dependent Claims (9, 10, 12, 13, 14)
- - 9. The computer program product of claim 8, wherein determining one or more anomalies within the created state trajectory map further comprises program instructions, stored on the one or more computer readable storage media, to:
    - retrieve a baseline state trajectory map from memory;
      
      perform a comparison of the created state trajectory map to the baseline state trajectory map;
      
      determine whether at least one state anomaly is present within the created state trajectory map based on the comparison, wherein a state anomaly is a connection included in the created state trajectory map that is not included in the baseline trajectory map, and wherein the at least one state anomaly includes one or more of;
      
      a single state anomaly and a multiple state anomaly;
      
      identify a connection within the created state trajectory map associated with the determined at least one state anomaly; and
      
      add the identified connection associated with the determined state anomaly to a suspicious state list.
  - 10. The computer program product of claim 9, further comprising program instructions, stored on the one or more computer readable storage media, to:
    - responsive to determining at least one state anomaly is present within the created state trajectory map based on the comparison, parse the created state trajectory map into one or more sub-trajectories that identify individual connections within the created state trajectory map;
      
      identify one or more sub-trajectories that do not include the at least one determined state anomaly;
      
      determine whether the one or more identified sub-trajectories that do not include the at least one determined state anomaly include a transitional anomaly, wherein to determine the transitional anomaly includes one more of the following;
      
      identify connections within the one or more maintained sub-trajectories that are not neighbors, determine a transition time within the one or more maintained sub-trajectories is not met, and determine one or more maintained sub-trajectories violates a business rule; and
      
      add a sub-trajectory associated with the transitional anomaly to the suspicious state list.
  - 12. The computer program product of claim 9:
    - wherein the baseline state trajectory map is based on a location of identified devices and a physical layout of a building within an indoor positioning system; and
      
      wherein the one or more or more devices are beacons that are elements of the indoor positioning system.
  - 13. The computer program product of claim 10, wherein the one or more devices include neighbor relationships between the one or more devices that identify an area of a first device that is adjacent to an area of a second device, allowing movement between the area of the first device and the area of the second device without moving through an area covered by a third device prior to entering the area of the second device.
  - 14. The computer program product of claim 10, wherein the transition time identifies a minimum amount of time for a user to move from a first device to a second device.

11. (canceled)

15. A computer system for determining an unauthorized device, the computer system comprising:
- one or more computer processors, one or more computer readable storage media, and program instructions stored on the computer readable storage media for execution by at least one of the one or more processors, the program instructions comprising;
  
  program instructions to receive detection information from a computing device, wherein the detection information includes;
  
  a broadcast transmission from one or more devices with an associated universally unique identifier, major ID, minor ID, and received signal strength within an indoor positioning system;
  
  program instructions to create a state trajectory map based on the received detection information, wherein the state trajectory map identifies connections between at least the computing device and a first device of the one or more devices and the computing device and a second device of the one or more devices;
  
  program instructions to determine one or more anomalies within the created state trajectory map;
  
  program instructions to determine an unauthorized device based on the determined one or more anomalies;
  
  program instructions to analyze a suspicious state list for one or more of the following;
  
  high frequency of occurrence of a universally unique identifier, and multiple connections with multiple state changes associated with a universally unique identifier;
  
  program instructions to determine the unauthorized device based on the analyzed suspicious state list; and
  
  program instructions to report the determined unauthorized device.
- View Dependent Claims (16, 17, 19, 20)
- - 16. The computer system of claim 15, wherein determining one or more anomalies within the created state trajectory map further comprises program instructions, stored on the one or more computer readable storage media, to:
    - retrieve a baseline state trajectory map from memory;
      
      perform a comparison of the created state trajectory map to the baseline state trajectory map;
      
      determine whether at least one state anomaly is present within the created state trajectory map based on the comparison, wherein a state anomaly is a connection included in the created state trajectory map that is not included in the baseline trajectory map, and wherein the at least one state anomaly includes one or more of;
      
      a single state anomaly and a multiple state anomaly;
      
      identify a connection within the created state trajectory map associated with the determined at least one state anomaly; and
      
      add the identified connection associated with the determined state anomaly to a suspicious state list.
  - 17. The computer system of claim 16, further comprising program instructions, stored on the one or more computer readable storage media, to:
    - responsive to determining at least one state anomaly is present within the created state trajectory map based on the comparison, parse the created state trajectory map into one or more sub-trajectories that identify individual connections within the created state trajectory map;
      
      identify one or more sub-trajectories that do not include the at least one determined state anomaly;
      
      determine whether the one or more identified sub-trajectories that do not include the at least one determined state anomaly include a transitional anomaly, wherein to determine the transitional anomaly includes one more of the following;
      
      identify connections within the one or more maintained sub-trajectories that are not neighbors, determine a transition time within the one or more maintained sub-trajectories is not met, and determine one or more maintained sub-trajectories violates a business rule; and
      
      add a sub-trajectory associated with the transitional anomaly to the suspicious state list.
  - 19. The computer system of claim 16:
    - wherein the baseline state trajectory map is based on a location of identified devices and a physical layout of a building within an indoor positioning system; and
      
      wherein the one or more or more devices are beacons that are elements of the indoor positioning system.
  - 20. The computer system of claim 17, wherein the one or more devices include neighbor relationships between the one or more devices that identify an area of a first device that is adjacent to an area of a second device, allowing movement between the area of the first device and the area of the second device without moving through an area covered by a third device prior to entering the area of the second device.

18. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Chao, Zhang, Guan, Qiang, Li, Li, Tian, Chun hua, Wang, Fengjuan, Wang, Zhi Jun

Granted Patent

US 9,654,934 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06Q 30/0225   Avoiding frauds

H04L 63/107   wherein the security polici...

H04L 63/14   for detecting or protecting...

H04L 63/1425   Traffic logging, e.g. anoma...

H04W 12/122   Counter-measures against at...

H04W 12/64   using geofenced areas

H04W 4/00   Services specially adapted ...

H04W 4/026   using orientation informati...

H04W 4/029   Location-based management o...

H04W 4/33   for indoor environments, e....

H04W 4/80   Services using short range ...

H04W 48/16   Discovering, processing acc...

H04W 8/005   Discovery of network device...

DETECTION OF UNAUTHORIZED WIRELESS PERSONAL AREA NETWORK LOW ENERGY DEVICES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

19 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

DETECTION OF UNAUTHORIZED WIRELESS PERSONAL AREA NETWORK LOW ENERGY DEVICES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links